From 24c27334409ce85fd38f24f53262a9dd4355c39f Mon Sep 17 00:00:00 2001
From: Pranshu Srivastava
Date: Mon, 16 Sep 2024 03:25:45 +0530
Subject: [PATCH] fixup! fixup! fix: allow opting-into upstream probes
---
.../components/kube-state-metrics.libsonnet | 20 +++++++++++++++++--
jsonnetfile.lock.json | 14 ++++++-------
manifests/prometheusOperator-clusterRole.yaml | 10 +++++++++-
manifests/prometheusOperator-deployment.yaml | 2 ++
...0alertmanagerCustomResourceDefinition.yaml | 18 ++++++++++++++---
.../0prometheusCustomResourceDefinition.yaml | 18 ++++++++++++++---
...ometheusagentCustomResourceDefinition.yaml | 18 ++++++++++++++---
.../0thanosrulerCustomResourceDefinition.yaml | 18 ++++++++++++++---
8 files changed, 96 insertions(+), 22 deletions(-)
diff --git a/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet b/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet
index 517e14f489..f0c60c5340 100644
--- a/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet
+++ b/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet
@@ -167,16 +167,32 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube- spec+: { automountServiceAccountToken: true, containers: std.map(function(c) c { - ports:: null, securityContext+: { runAsGroup: 65534, }, args: ['--host=127.0.0.1', '--port=8081', '--telemetry-host=127.0.0.1', '--telemetry-port=8082'], resources: ksm._config.resources, } + if !ksm._config.enableProbes then { + ports:: null, livenessProbe:: null, readinessProbe:: null, - } else {}, super.containers) + [kubeRbacProxyMain, kubeRbacProxySelf], + } else { + ports: defaults.kubeRbacProxyMain.ports + defaults.kubeRbacProxySelf.ports, + livenessProbe: { + httpGet: { + path: '/livez', + port: defaults.kubeRbacProxyMain.ports[0].name, + scheme: 'HTTPS', + }, + }, + readinessProbe: { + httpGet: { + path: '/readyz', + port: defaults.kubeRbacProxySelf.ports[0].name, + scheme: 'HTTPS', + }, + }, + }, super.containers) + [kubeRbacProxyMain, kubeRbacProxySelf], }, }, }, diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index 098451aaf3..1d0663da39 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -18,7 +18,7 @@ "subdir": "contrib/mixin" } }, - "version": "6c1fe4a92a00854fc54828e257708f9e7f5b4f28", + "version": "2ed418c191bccc23d542b4081f96b694025fe031", "sum": "IXI3LQIT9NmTPJAk8WLUJd5+qZfcGpeNCyWIK7oEpws=" }, { @@ -88,7 +88,7 @@ "subdir": "grafana-builder" } }, - "version": "c0b39ad68a99c7791a19b14da92c7f886d8c55da", + "version": "a41bfeae97007b9ed047823e44974ce1a0817ca9", "sum": "yxqWcq/N3E/a/XreeU6EuE6X7kYPnG0AspAQFKOjASo=" }, { @@ -98,7 +98,7 @@ "subdir": "mixin-utils" } }, - "version": "c0b39ad68a99c7791a19b14da92c7f886d8c55da", + "version": "a41bfeae97007b9ed047823e44974ce1a0817ca9", "sum": "LoYq5QxJmUXEtqkEG8CFUBLBhhzDDaNANHc7Gz36ZdM=" }, { 
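Review bot: In the `else` branch of the kube-state-metrics hunk, both probes are sent with `scheme: 'HTTPS'` to the kube-rbac-proxy ports, and the kubelet attaches no credentials to an httpGet probe, so `/livez` and `/readyz` can only succeed if the proxy passes those paths through without authentication and authorization. The hunk does not show that exemption on `kubeRbacProxyMain` or `kubeRbacProxySelf` (kube-rbac-proxy has `--ignore-paths` for this); if it is configured elsewhere in the file, it should list exactly those two paths and never the metrics path, because ignored paths are served unauthenticated. I would add a comment above the branch, for example `// probes go through kube-rbac-proxy because KSM binds to 127.0.0.1; /livez and /readyz must be the only auth-exempt paths`. The probes also index `ports[0].name`, which ties them to the order of the proxy port lists defined outside the hunk; the enclosing function starts and ends outside the hunk as well.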
@@ -158,7 +158,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "1f36a6778f8e4b08799c43f3e2f9ba624feac416", + "version": "7fc97ea10dc1958e93bac0e066f5ec111c5ff193", "sum": "gi+knjdxs2T715iIQIntrimbHRgHnpM8IFBJDD1gYfs=", "name": "prometheus-operator-mixin" }, @@ -169,8 +169,8 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "1f36a6778f8e4b08799c43f3e2f9ba624feac416", - "sum": "IYa+0bUT25fTKjjDyZw9gV8DAi1BgfmLE1ucouoxKCs=" + "version": "7fc97ea10dc1958e93bac0e066f5ec111c5ff193", + "sum": "f2tfHUdjLBQOev2ernkHs0CLSUFap4zjH31swdTx+Bk=" }, { "source": { @@ -200,7 +200,7 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "e8fa1312a7a8934fd2928fab1bb8d7e5f2ea0a1a", + "version": "c328d5fc8820ec7fe45296cfd4de8036b58f4a3a", "sum": "dYLcLzGH4yF3qB7OGC/7z4nqeTNjv42L7Q3BENU8XJI=", "name": "prometheus" }, diff --git a/manifests/prometheusOperator-clusterRole.yaml b/manifests/prometheusOperator-clusterRole.yaml index c47b1c787a..930855905b 100644 --- a/manifests/prometheusOperator-clusterRole.yaml +++ b/manifests/prometheusOperator-clusterRole.yaml @@ -56,7 +56,6 @@ rules: resources: - services - services/finalizers - - endpoints verbs: - get - create @@ -98,6 +97,15 @@ rules: - storageclasses verbs: - get +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - create + - update + - delete - apiGroups: - authentication.k8s.io resources: diff --git a/manifests/prometheusOperator-deployment.yaml b/manifests/prometheusOperator-deployment.yaml index edda81d077..1ba7c66223 100644 --- a/manifests/prometheusOperator-deployment.yaml +++ b/manifests/prometheusOperator-deployment.yaml @@ -30,6 +30,8 @@ spec: - args: - --kubelet-service=kube-system/kubelet - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.76.2 + - --kubelet-endpoints=true + - --kubelet-endpointslice=false env: - name: GOGC value: "30" 
diff --git a/manifests/setup/0alertmanagerCustomResourceDefinition.yaml b/manifests/setup/0alertmanagerCustomResourceDefinition.yaml index 4b3ac0f776..2cb12f0d23 100644 --- a/manifests/setup/0alertmanagerCustomResourceDefinition.yaml +++ b/manifests/setup/0alertmanagerCustomResourceDefinition.yaml @@ -7910,6 +7910,11 @@ spec: type: object x-kubernetes-map-type: atomic type: object + certFile: + description: |- + Path to the TLS certificate file in the Prometheus container for the server. + Mutually exclusive with `cert`. + type: string cipherSuites: description: |- List of supported cipher suites for TLS versions up to TLS 1.2. If empty, @@ -7972,6 +7977,11 @@ spec: For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string + clientCAFile: + description: |- + Path to the CA certificate file for client certificate authentication to the server. + Mutually exclusive with `client_ca`. + type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference @@ -7980,6 +7990,11 @@ spec: items: type: string type: array + keyFile: + description: |- + Path to the TLS key file in the Prometheus container for the server. + Mutually exclusive with `keySecret`. + type: string keySecret: description: Secret containing the TLS key for the server. properties: @@ -8015,9 +8030,6 @@ spec: cipher suite. If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean - required: - - cert - - keySecret type: object type: object type: object diff --git a/manifests/setup/0prometheusCustomResourceDefinition.yaml b/manifests/setup/0prometheusCustomResourceDefinition.yaml index b4b3836a19..86708cd9f3 100644 --- a/manifests/setup/0prometheusCustomResourceDefinition.yaml +++ b/manifests/setup/0prometheusCustomResourceDefinition.yaml 
@@ -11757,6 +11757,11 @@ spec: type: object x-kubernetes-map-type: atomic type: object + certFile: + description: |- + Path to the TLS certificate file in the Prometheus container for the server. + Mutually exclusive with `cert`. + type: string cipherSuites: description: |- List of supported cipher suites for TLS versions up to TLS 1.2. If empty, @@ -11819,6 +11824,11 @@ spec: For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string + clientCAFile: + description: |- + Path to the CA certificate file for client certificate authentication to the server. + Mutually exclusive with `client_ca`. + type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference @@ -11827,6 +11837,11 @@ spec: items: type: string type: array + keyFile: + description: |- + Path to the TLS key file in the Prometheus container for the server. + Mutually exclusive with `keySecret`. + type: string keySecret: description: Secret containing the TLS key for the server. properties: @@ -11862,9 +11877,6 @@ spec: cipher suite. If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean - required: - - cert - - keySecret type: object type: object type: object diff --git a/manifests/setup/0prometheusagentCustomResourceDefinition.yaml b/manifests/setup/0prometheusagentCustomResourceDefinition.yaml index c5dff6ec46..762d8f22aa 100644 --- a/manifests/setup/0prometheusagentCustomResourceDefinition.yaml +++ b/manifests/setup/0prometheusagentCustomResourceDefinition.yaml @@ -9723,6 +9723,11 @@ spec: type: object x-kubernetes-map-type: atomic type: object + certFile: + description: |- + Path to the TLS certificate file in the Prometheus container for the server. + Mutually exclusive with `cert`. + type: string cipherSuites: description: |- List of supported cipher suites for TLS versions up to TLS 1.2. If empty, 
@@ -9785,6 +9790,11 @@ spec: For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string + clientCAFile: + description: |- + Path to the CA certificate file for client certificate authentication to the server. + Mutually exclusive with `client_ca`. + type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference @@ -9793,6 +9803,11 @@ spec: items: type: string type: array + keyFile: + description: |- + Path to the TLS key file in the Prometheus container for the server. + Mutually exclusive with `keySecret`. + type: string keySecret: description: Secret containing the TLS key for the server. properties: @@ -9828,9 +9843,6 @@ spec: cipher suite. If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean - required: - - cert - - keySecret type: object type: object type: object diff --git a/manifests/setup/0thanosrulerCustomResourceDefinition.yaml b/manifests/setup/0thanosrulerCustomResourceDefinition.yaml index fa165bce26..901944523e 100644 --- a/manifests/setup/0thanosrulerCustomResourceDefinition.yaml +++ b/manifests/setup/0thanosrulerCustomResourceDefinition.yaml @@ -7355,6 +7355,11 @@ spec: type: object x-kubernetes-map-type: atomic type: object + certFile: + description: |- + Path to the TLS certificate file in the Prometheus container for the server. + Mutually exclusive with `cert`. + type: string cipherSuites: description: |- List of supported cipher suites for TLS versions up to TLS 1.2. If empty, @@ -7417,6 +7422,11 @@ spec: For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string + clientCAFile: + description: |- + Path to the CA certificate file for client certificate authentication to the server. + Mutually exclusive with `client_ca`. + type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference 
@@ -7425,6 +7435,11 @@ spec: items: type: string type: array + keyFile: + description: |- + Path to the TLS key file in the Prometheus container for the server. + Mutually exclusive with `keySecret`. + type: string keySecret: description: Secret containing the TLS key for the server. properties: @@ -7460,9 +7475,6 @@ spec: cipher suite. If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean - required: - - cert - - keySecret type: object type: object type: object